Gathering 

Open Source Intelligence 

Anonymously 
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Background 



■ Founded Anonymizer 
in 1995 

■ Creating Solutions 
Since 1992 

■ Known for Consumer 
Privacy Service 

■ Major Corporate 
and Government 
Customers 




©2011 Ntrepid Corporation. All rights reserved. PROPRIETARY 



2 



is/trepid 




Exposed Field of Operations 
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is Anonymous 



STARBUCKS 
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©2011 Ntrepid Corporation. All rights reserved. PROPRIETARY 



5 



INTREPID 




www.newsweek.com 




Address 



Status 



N*wtw**k - National Newt, World N#wt, Haalth, Technology. Emertaioment and more | News****. com 

+ I ^|nttp //www. newt oetk.com/ G2Jr 



Activity 



SUJMOOG MNJJOUAAE 

• Tf» Uft» t0 1 ft *4 tkmaag 

• Omav Dimy Boy* Pmxm inJanOtct 

• 6sg Money T s* V j t * </ *•> 0 %c* 



idog' 

trwts of Kolkata 



Cover Story 



▼ Newsweek - National News, ..and more... I Newsweek.com 
► http://static.coolspotters.c-. .elle-obama-most-recent.html 
http://ad.doubleclick.net/... l;ord=233920772559940800? 
http://ad.doubledick.net/...2;ord= 233920772 5 59940800? 
http://ad.doubleclick.net/... 3:ord=233920772559940800? 
http://ad.doubleclick.net/. ..4;ord=233920772559940800? 

http://ads.peer39.com/adv 5620X7CX20Newsweek.com 

http://ads.peer39.com/advertiser/jsrv/ads722.js 
http://bc.newsweek.com/mr.. 15 835 71 l&bctid= undefined 
http://bc.newsweek.com/players/js/bcrjllscreenPlayer.js 
http://bc.newsweek.eom/p. ,.moreTab=true&r= 50642624 
http://bin.dearspring.eom/lib/0.8.2/379/b.swt 



Newsweek 



Th« 

Confidence 

Game 

flow Ohtmi ran ti 



La toil Newsweek 

How Str*«t Gangs HarvJ 

—Artci. -• i 

Is ttw Era of tfw Tsxas | 
How To Restors Public I 

• j 

Sti Myms About CNxdhi 

^ PrwWw And# i Rrtrtfl 

Alan Stanford A Mr M 



http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 

http://brightcove.vo.Hnwd 



NBC480.jpg?publd = 16991917 
NBC480.jpg?publd = 16991917 
00x300.jpg?pjbld-16991917 
00x300.jpg?pjbld= 16991917 
00x300.jpg?pjbld= 16991917 
,00x300.jpg?pjbld= 16991917 
00x300.jpg?pjbld= 16991917 
00x300.jpg?publd= 16991917 
.00x300.jpg?publd= 16991917 
00x300.jpg?pjbld= 16991917 
.00x300.jpg?pjbld= 16991917 
,00x300.jpg?pjbld= 16991917 
00x300.jpg?pjbld= 16991917 
00x300.jpg?publd= 16991917 
,00x300.jpg?pjbld= 16991917 
,00x300.jpg?pjbld= 16991917 
00x300.jpg?pjbld= 16991917 
,00x300.jpg?pjbld= 16991917 
00x300.jpg?pjbld= 16991917 
00x300.jpg?pjbld= 16991917 



http://brightcove.vo.Hnwd. ,.00x300.jpg?pjbld = 16991917 

http://cdn.clearspring.com/. .chpad/3953/preloader-en.js 

http://cs66.clearspring.c- &flg=800&evt=20X3D33f&s=l 

http://edge.quantserve.com/quant.js 

http : / /js. revsei. net /g ate way /gw.js?cs id =J05 5 3 1 

http://ml.2mdn.net/18432-.op_012909_sb_300x250.swf 

http://ml.2mdn.net/879366/flashwrite_l_2.js 

http://ml.2mdn.net/viewad/817-grey.gif 

http://ml.2mdn.net/viewad/817-grey.gif 

http://media.newsweek.com/... /topTen_live/bin/topl0.css 

http://media.newsweek.com. .ive/bin/xml/toplOData.xml 

http://media.newsweek.com/. ..rnel.swf?channel=AII&nw=t 

http://media.washingtonpo.-Olex.comX3FxtorX3DAL-173? 

http://media.washingtonpost...house/oct/health_house.gif 

http://media.washingtonpost.-OCt/House_ProjectCreen.gif 

http://media.washingtonpost....g_allergies/PC_AJIe rgies.gif 

http://media.washingtonpost-.ers/slate/house/jan/TH.gif 



201 items 
12 items 
1.4 KB 
0.4 KB 
0.4 KB 
4.6 KB 
0.3 KB 
2.1 KB 
24.8 KB 



15.6 KB 
21.9 KB 
21.9 KB 

23.6 KB 

23.6 KB 
25.1 KB 

25.1 KB 

18.7 KB 

18.7 KB 

21.8 KB 
67 bytes 

2.9 KB 

4.1 KB 

28.2 KB 
0.8 KB 

43 bytes 
43 bytes 
0.7 KB 
1.6 KB 
52.1 KB 
17.4 KB 
3.8 KB 

3.1 KB 



http://media.washingtonpost-.nks/js/utilsTextLinksXMLjs 



http://metrics.washingtonp...luginX20ContainerX3B&;AQE: 



http://ndn.newsweek.eom/me.-/label_latestnewsweek.gif 



0.7 KB A 



http://ndn.newsweek.com/site/images/get_and_share.gif 



0.5 KB T 
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The Threats 



■ Profiling 

■ Blocking 

■ Cloaking 

■ e-ldentity discovery 

■ Hostile environments 

■ Malware 
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Profiling 



Cyber counterintelligence 
Focus of interest 
Activities 
Plans 
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Search & Ads 





A) Sevilla 



barter 



« o o 



restaurants - Google Search 



# 1 C*1 http://www.google.com/search?q = restaurants&ie=utf-8&oe=utf-8&aq=t6 ^ ▼ > • restaurants 



restaurants - Google Search 



Sites with images 
▼ More search tools 

Something different 

cafes 

motels 

night clubs 

nightlife 



Done 



Best Deals and Discounts on the Best Local Restaurants - Save ... 



Find the best Testa ura nts in 

Alaska get the latest reviews 

whatsupAK.com 

Restaurants 

Restaurants Directory. Find It 



CD 



Saving money on dining out is easy with Restaurant.com gift certificates. Find restaurants in 
your area and 

fsD' My 



restaurant com/ - Cached - Similar 



Local business results for restaurants near San Diego, CA - J| 



TGI Friday’s® 

Looking for a new place to eat? 

Try Friday's Today & Get Your Flair 
On! 

TGIFridays.com 

La Jolla Dining Guide 

Restaurant Reviews, Photos, 
Menus Chef Profiles. Recipes, 
Coupons 

SanDiegoRestaurants.com 

Thinking of Dining Out? 



Fine Dinning Coupons 



Save Big on Local Restaurants 
with r^i.r nicmi mtoH niff 



San Diego's Best Fine Dinning 
Restaurant Offers 

www.thebestrestaurants.com 



www.croces.com - (619) 233-4355 - 

79 reviews 



www Resta u rant co m 



etco Park 



% 

Q° Q “'O 

sMjnrQ age ,-p 
Shopping Center 



SaoT)iego 

CnWention 



5979- 



233 



Candelas Restaurant 
www.candelas-sd.com - (619) 702-4455 - 

94 reviews 

Gaslamp Quarter Association 
www.gaslamp.org - (619) 233-5227 - 

23 reviews 

The Us Grant 
www.stanvoodhotels.com - 
(619)232-3121 -351 reviews 

Royal India - San Diego Restaurants 



©2010 Google, Sanborn 



www.royalindia.com - (619) 269-9999 

341 reviews 

II Fornaio 

www.ilfomaio.com - (619) 437-4911 - 

78 reviews 

Croce's Restaurant & Jazz Bar 
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Blocking - Unprotected IP 
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Cloaking - American IP 




SEARCH ALJAZEERA 



more 



more 



Site Guide Contact Us |A|set As HomePage 



ALJAZEERA NET Updated on: Friday 23 July 2004, 19:13 Makka Time, 16:13 GMT 

A 



Turkish rail 



disaster stirs u 



Advanced Search 



Homepage 



Economy 



a storm 






Subscribe / Information 




■ / 




Update Profile 


EU vows Middle 
East role as 






FEATURES 


Israel fumes 






Wall of contention 






Israel-EU relations 



take a nosedive 



Living in limbo 



v-ar veteran 



Turkish reform 



Kuwait targets leading rights activist • Afghan car bomb wounds four US 



China’s crackdown 



fear being foraotten 



Testing time for 



uestion marks over 



Sci-Tech 



News 



Al-Sadr gives 



first sermon in 
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•— «J>A-» * Help center 



»2004/7/24 jprt -*1425/6/7 



2004/07/23 

2004/07/26 



Cloaking 



Indian Sub-Continent 1 1 Destinations 



74 Flights per week 



Middle East 04 Destinations 



Now in English 



21 Flights per week 



english.aljazeera.net 



JUiVHS 
JL»&Sn j jLuajjjTl f+"1 















bLuaS 

4*d±l\ CAiUIt 

ljj£ 

♦ 
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Pricing through the standard IP on hotels.com is $91 less 
expensive than the pricing through the Geo Distribution IP 



H New York City Hotels - New York Hotel Discounts - hotels.com - Microsoft Internet Explorer 



Favorites 



© Back ’ © 0 0 ft) ^ Search '& Favorites <5 0 - % II □ 0 f] 1(1 O 

Address |^fe] http://www.hotels.com/promotion.jsp7id* 1039 

Google- v ^Search Web - ^ 116 blocked 'J) Autc 0 Options £ 

'%U\ All-hotels 




- iminfo 



Z\ 433 



inf o . alexa . com/data/details?url=http%3 A// w w w . hotels . com/promotion . jsp%3Fid%3D 1 039 




hotels.com - globale korting hotel reserveringen - Mozilla Firefox 



File Edit View Go Bookmarks lools Help 
<3 - ► 0 a „ http : //nl . hotels . com/index . jsp?pageName=hotSearch&showPopllp=true8iCid=7 1 00 1 &city=NewYork&stateProvinJ 

Travelocity : Great Pri. . . © Expedia Travel -- dis. . . _ Orbitz: Airline Tickets. . . hotels.com - The bes. . . . _ Food Network _ Welcome to MSN.com 

y Apply /^Edit ^Remove Q)Add Status: Using International Route % Options- 



International Route 



Q 502 Bad Gateway 



/* Slashdot: News for nerds, stuff t... Q Orbitz: Airline Tickets, Hotels, Ca... II \_\ Food Network 



The Hotel Thirty Thirty is situated on the East Side of Manhattan, 
between Madison and Park Avenues, more 
map | hotel information 

★★★ 

On The Ave Hotel 

Upper West Side / New York 

Located on the Upper West Side of Manhattan, On The Ave is a 
sophisticated but reasonably priced hotel that stands close to the 
Lincoln Center. Hayden Planetarium, Museum of Natural 
Broadwayt more... 
map | hotel information 

Holiday Inn Midtown 57j 

2 Blocks From Central Park / Ne 1 
The Holiday Inn Midtown has an 
residential neighborhood, in the 
Manhattan, more... 
map | hotel information 

★★★ 

Park Central New York 

Across From Carnegie Hall / New York 
The Paik Central Hotel New Yoik is located in the heart of in 
Midtown Manhattan directly across from Carnegie Hall, more 
map | hotel information 

Hotel Chandler. Frm Le Marquis 

Off 5th AveJMurray Hill / New York 

One of New York City's newest luxury boutique hotels nestled in 
historic Murray Hill, the Hotel Chandler, Frm Le Marquis stands 
close to the United Nations and the Garment and Flatiron districts 
ofsho more... 
map | hotel information 

★★★* 

The Time Hotel 

Broadway Half A Block / New York 

The Time Hotel is located in the heart of Manhattan's Times 
Square, placing Hotels.com travelers close to everything: nearly 40 




YORK 

Situated close to infinite options for dining, 
shopping and entertainment, the Millennium 
Broadway stands only a half block from glittery 
Times Square in the middle of the lights of 
Broadway, meer... 
kaart | Hotelinformatie 




Holiday Inn Midtown 57tl 

2 BLOCKS FROM CENTRAL PARK 
CITY 

The Holiday Inn Midtown has an o 
location in a quiet residential neighboi 
the otherwise, bustling Midtown Manhatl 
meer... 

kaart | Hotelinformatie 





The New York Helmsley Hotel 

42ND/3RD / NEW YORK 

Midtown Manhattan's New York Helmsley Hotel 
offers an undisputedly great location, 
cosmopolitan feel and sophisticated ambience, 
making the famously named facility a favorite 
with guests from througho meer... 
kaart | Hotelinformatie 

★★★ 

Carlton New York 

GR AMERC Y MADISON SQUARE PARK / NEW 
YORK 

As New YoiKs newest grand old hotel, the Carlton 
stands between the Murray Hill and Gramercy 
Park neighborhoods, where tree-lined streets 
make guests feel they're staying at a house rather 
than the c meer... 
kaart | Hotelinformatie 




Standard IP: $179 (EU 139) 



Geographic Distribution IP: $270 (EU 211) 
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e-ldentity Discovery 



■ Extended duration 

■ High visibility 

■ Google background 



facebook 







Google Clark kent 

Web Show options. Results 1 - 10 of about 2,970,000 for dark kent (0.14 seconds) 



iiBiMiwwp ■ ip ii 1 1 ijjiiiiiiiiipi i ii ■ iimiiiiii mi wi i ffwr ~ ini ! ■■ nr-m n ini ii rf-rimr y - Mini - ir iir|-iirri-^iiwiini'ii' •rniiinTM mu " 111111 ■■u ■■ minMi'iiniiiri iiiimumri mniiim $ urn - \wm — ■ppppwiimimiimwwppwimiiwimpm« r iii *^r 



Advanced Search 
Preferences 
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Hostile Environments 



■ Traffic analysis 

■ Forensics 
(capture of 
physical 
hardware) 
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Facebook Hijack 

■ Anyone at an open 
Wi-Fi can read all of 
your unencrypted traffic 

■ Attacker can intercept 
personal information 

■ Attacker can capture 
and use: 

■ Username 

■ Password 

■ Authentication 
cookies 
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Malware 



■ Exposed Internet 
activities leave 
internal networks 
vulnerable to 
compromise 




V 
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How do they 

know? 
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What is an IP address? 



97.65.188.109 



Your computer’s 
“street address” 
on the Internet 
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Name: 

Address: 

City: 

State: 

Postal Code: 
Country: 

Reg Date: 
Updated: 

Net Range: 

Org Tech Name: 
Org Tech Phone: 
Org Tech Email: 



DRUG ENFORCEMENT ADMIN-DJDEA 

800 K STREET #500 

WASHINGTON 

DC 

20091 

US 

2008-1 0-1 6 
2008-1 0-1 6 

209.183.199.128 - 209.183.199.143 
Network Operations Center 
+1-301-589-3060 
noc@atlantech.net 
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Published IP Addresses 



7 Blocklist Manager 



File Edit Clear Import Export Array Tools Donate Help 

4 Jt 4- ^ O 

Sources Process Add IP Import List Export List Convert 



0 

Whois 



Options 



Exit 



Range Start 


Range End 


Rule T... 


Comment 




Sources 


IP Count 


Netmask 


CIO 


207.078.063.000 


207.078.063.255 


Deny 


DHL Systems Inc 




PG 


0000000256 


255.255.255 000 


f2‘ 


209.078.057.240 


209.078.057.255 


Deny 


DHL Systems Inc 




PG 


0000000016 


255.255.255.240 


721 


198.141.000.000 


198.141.255.255 


Deny 


DHL Systems, Inc, DHL Systems Inc 




PG 


0000065536 


255.255.000.000 


711 


194.219.092.064 


194.219.092.079 


Deny 


Dhmos Kalymnou 




PG 


0000000016 


255.255.255.240 


721 


062.001.018.064 


062.001 018.079 


Deny 


dhmos pallinis 




PG 


0000000016 


255 255.255.240 


721 


067.135.067 016 


067.135.067.023 


Deny 


DHS 




PG 


0000000008 


255.255.255.248 


72! 


212.042.178.016 


212.042.178.023 


Deny 


DHS 




PG 


0000000008 


255.255.255.248 


72! 


075.144.113.032 


075.144.113.047 


Deny 


DHS -FLETC 




PG 


0000000016 


255.255.255.240 


721 


075.145.200.088 


075.145.200.095 


Deny 


DHS - FLETC- FRI 




PG 


0000000008 


255.255.255.248 


72! 


012.032.098.240 


012.032.098.255 


Deny 


DHS CLUB INC 




PG 


0000000016 


255 255.255.240 


721 


069.225.166.128 


069.225.166.135 


Deny 


DHS CUSTOMS & BORDER PROTECTION-04081 1045247 


PG 


0000000008 


255.255.255.248 


72! 


069.233.188.216 

069.230.001.016 


069.233.188.223 

0690 ro. 144 


Deny DHS CUSTOMS & BORDER PROTECTION-041 201 033537 

. 1 1 j.uj^ uro. 1 44. i i j.u 4 r ueny 


PG 

uns 


0000000008 

• l-LL 1 U 


255.255.255.248 


72! 



065.005 094 064 
076.216.109.200 
076.249.166.208 

063.086.100.232 

196.012.174.000 

076.205.227.232 
076.228.020.088 
012.004.029.240 

065.120.069.000 
067.133.227.048 

067.135.189.128 

203.148.208.000 

203.154.068.000 

203.155120.000 

221.128.120.000 
081.092.045.144 
217.222.020.168 

085.044.040.232 

063.192.199.128 



075 . 145 . 

012 . 032 . 

069 . 225 . 

069 . 233 . 

069 . 230 . 

065.005 



200 . 

098 . 

166 . 

188 . 

001 . 

094 . 



145 . 200.095 
032 . 098.255 
225 . 166.135 
233 . 188.223 
230 . 001.023 
005.094 079 



Deny 

Deny 

Deny 

Deny 

Deny 



Dhurakijpundit University 
Dl CLEMENTE SOFTWARE 
Dl DEDDA ELETTROMEDICALI 
Dl I0RI0ITAL0 FRANCESCO 
Pi Napoli J Phillip Atty 



Deny 

Deny 

Deny 

Deny 

Deny 

Deny 



DHS 

DHS 

DHS 

DHS 

DHS 

DHS 



-FLETC- FBI 
CLUB INC 
CUSTOMS & BORDER PROTECTIOI 
CUSTOMS & BORDER PROTECTIOI 
CUSTOMS & BORDER PROTECTIOI 
Ft McCellan 



000000051 2 
0000000008 
0000000008 
0000000008 
0000000008 



255.255.254 000 

255.255.255.248 
255.255.255.248 
255 255.255.248 
255.255.255.248 



a / trepio 1 
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Exposed IP Addresses 

■Total IP addresses worldwide: 

Over 4 billion 

■ IP addresses tracked on monitored lists: 

Over 2.5 billion 

59% of all IPs are published 

Source: Blocklist Manager 
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Geolocation 



Based on: 

■ IP address 

■ GPS 

■ Cell Towers 

■ Wi-Fi 

■ Behavior 



Fargo, ND 
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Illegal Anonymity is Easy 



■ Buy access with 
stolen credit card 

■ Use stolen 
access account 

■ BotNet 

■ Malware/Phishing 
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Non-Attribution is Not Enough 




Overt Attribution Zero Attribution Blend In 
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Philosophical Approach 



■ Look like them 

■ Act like them 

■ Leave no unintended patterns 

■ Isolate research network from 
analysis 

■ Consider how you look at your end 
as well as to targets 
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Non-Attribution 

Looking Like Nobody In Particular 



Usually geographically specific 




No particular identity 



Minimize patterns 



Techniques 

■ Random identities 

■ Long recurrence 

■ Wipe history 







*J 




* 



* 
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High Volume Non-Attribution 

Hiding the Spotlight 

■ Automated search or harvesting 
generates massive traffic 

■ Detectable even if non-attributed 

■ Key metric 

■ Hits per target per source per day 

■ Techniques 

■ Many sources 

■ Rate limited 

■ Human-like click patterns t 
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Misattribution 
Working in Alias 



■ Communications are 
trackable to a specific 
entity 

■ Long lifetime aliases 
require special treatment 

■ Born yesterday problem 
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Location Non-Attribution 



Second biggest targeting 
factor (after identity) 

/ 

Must look like a local 
When in Rome. . . . 

Technical and human 
blending 



Which social networking site? 
Which chat rooms? 
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HTTP Metadata 



System capable of changing: 

■ Country or region of origin 

■ Language 

■ Character set 

■ Operating system 

■ Browser type and version 
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Isolate Your Activity From 

Your Network 



Customer Virtual Computer 

Network for Online Research 




Fire Wall 
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Best Practices to Protect Yourself 



1 . Think before you type. Your brain 
is your best security tool. 

2. Use a different email address for 
every website and for each 
activity. 

3. Use unique usernames and 
passwords for every site and for 
each activity. 

4. Clear private data and history 
from your browsers after every 
session. 

5. Use and maintain firewall and 
anti-malware tools. 

6. When engaged in Web 
harvesting, use a large number of 
source IP addresses. 

33 



7. Do not conduct any personal 
business on operational 
computers. 

8. Work in a virtualized environment, 
and revert to a baseline image 
frequently. 

9. Never keep sensitive or work 
information on the machine (or 
Virtual Machine Image) used for 
Internet operations/investigations. 

10. Make sure your Internet activities 
can never be traced back to you 
or your organization. 
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Thank You 

Lance Cottrell 
CTO, Ntrepid 

lance.cottrell@ntrepidcorp.com 
Exhibit Booth #209 
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